
The Linux Foundation announces collective to enhance open source software security

The newly formed Open Source Security Foundation includes titans in technology such as Google, Intel, Microsoft, IBM, and more.


Open-source code has become integral to organizations across the globe. In 2019, Red Hat’s initial State of Enterprise Open Source survey found that 69% of IT professionals surveyed believed open-source software to be very important or extremely important. In the 2020 Red Hat survey, more than three-quarters (77%) of IT leaders believed the use of open-source solutions in the enterprise will continue to grow.


Today, The Linux Foundation announced the creation of the Open Source Security Foundation (OpenSSF). The newly formed organization is intended to unite leaders across industries to enhance open-source software (OSS) security. To do so, this multi-industry collaborative will focus on creating “targeted initiatives,” streamlining recommended best practices, and more. Overall, the partnership involves efforts from major players in the tech industry including IBM, Google, GitHub, Microsoft, Okta, Intel, and others.


“We believe open source is a public good and across every industry we have a responsibility to come together to improve and support the security of open source software we all depend on,” said Jim Zemlin, executive director at The Linux Foundation in a press release. “Ensuring open source security is one of the most important things we can do, and it requires all of us around the world to assist in the effort. The OpenSSF will provide that forum for a truly collaborative, cross-industry effort.”

According to The Linux Foundation, an array of contributors are involved in the open-source software development process and, as a result, “it is important that those responsible for their user or organization’s security are able to understand and verify the security of this dependency chain.” The creation of the OpenSSF is designed to unite leading open-source security projects with the individuals and organizations that support these initiatives.

The Linux Foundation’s Core Infrastructure Initiative (CII), which was created following the Heartbleed bug, is one such open-source security program brought into the fold with the creation of OpenSSF. Others include GitHub Security Lab’s Open Source Security Coalition.


As part of the announcement, The Linux Foundation also disclosed additional details about OpenSSF’s governance structure, such as the formation of a Technical Advisory Council (TAC) and a Governing Board (GB), as well as separate oversight bodies “for each working group and project.”

“Every industry is using open source software, and it is our collective responsibility to help maintain a healthy and secure ecosystem,” said Jamie Cool, vice president of product security at GitHub, in a press release.
